Update secrets-provider to BucketV2 (#1704)

Re: pulumi/home#3631

secrets-provider/aws/README.md

@@ -64,7 +64,7 @@ pulumi up --yes
 Previewing update (aws-kms):
      Type                    Name                    Plan
  +   pulumi:pulumi:Stack     pulumi-aws-kms-aws-kms  create
- +   ├─ aws:s3:Bucket        bucket                  create
+ +   ├─ aws:s3:BucketV2      bucket                  create
  +   └─ aws:s3:BucketObject  secret                  create
 
 Resources:
@@ -73,7 +73,7 @@ Resources:
 Updating (aws-kms):
      Type                    Name                    Status
  +   pulumi:pulumi:Stack     pulumi-aws-kms-aws-kms  created
- +   ├─ aws:s3:Bucket        bucket                  created
+ +   ├─ aws:s3:BucketV2      bucket                  created
  +   └─ aws:s3:BucketObject  secret                  created
 
 Outputs:
@@ -100,9 +100,3 @@ pulumi up --yes
 error: getting secrets manager: secrets (code=Unknown): InvalidSignatureException: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
 	status code: 400, request id: 35ff51c6-ef88-4c06-9146-361231b8fd4a
 ```
-
-
-
-
-
-

secrets-provider/aws/index.ts

@@ -10,10 +10,14 @@ const config = new pulumi.Config();
 const bucketName = config.require('bucketName');
 const secretValue = config.requireSecret('secretValue');
 
-// Create a private bucket
-const bucket = new aws.s3.Bucket("bucket", {
+// Create a private bucket.
+//
+// The configuration is kept very simple as the goal of this example is to demonstrate KMS encryption, not storing
+// secrets in buckets securely. In a real-world scenario if you are certain you need to be storing sensitive data in
+// buckets and have eliminated other storage options, consider setting up a custom KMS key, enforcing TLS, and enabling
+// versioning for the bucket.
+const bucket = new aws.s3.BucketV2("bucket", {
     bucket: bucketName,
-    acl: "private",
 });
 
 // Create an object from the secret value

secrets-provider/vault/README.md

@@ -68,7 +68,7 @@ pulumi up --yes
 Previewing update (vault-kms):
      Type                    Name                    Plan
  +   pulumi:pulumi:Stack     pulumi-vault-kms-vault-kms  create
- +   ├─ aws:s3:Bucket        bucket                  create
+ +   ├─ aws:s3:BucketV2      bucket                  create
  +   └─ aws:s3:BucketObject  secret                  create
 
 Resources:
@@ -77,7 +77,7 @@ Resources:
 Updating (aws-kms):
      Type                    Name                    Status
  +   pulumi:pulumi:Stack     pulumi-vault-kms-vault-kms  created
- +   ├─ aws:s3:Bucket        bucket                  created
+ +   ├─ aws:s3:BucketV2      bucket                  created
  +   └─ aws:s3:BucketObject  secret                  created
 
 Outputs:
@@ -99,7 +99,7 @@ You'll notice the secret value is also omitted from the output!
 A quick way to verify if the encryption is using the Vault key is to remove your `VAULT_SERVER_TOKEN` environment variable setting:
 
 ```bash
-unset 
+unset
 pulumi up --yes
 error: getting secrets manager: secrets (code=Unknown): Error making API request.
 
@@ -108,8 +108,3 @@ Code: 400. Errors:
 
 * missing client token
 ```
-
-
-
-
-

secrets-provider/vault/index.ts

@@ -10,10 +10,14 @@ const config = new pulumi.Config();
 const bucketName = config.require('bucketName');
 const secretValue = config.requireSecret('secretValue');
 
-// Create a private bucket
-const bucket = new aws.s3.Bucket("bucket", {
+// Create a private bucket.
+//
+// The configuration is kept very simple as the goal of this example is to demonstrate KMS encryption, not storing
+// secrets in buckets securely. In a real-world scenario if you are certain you need to be storing sensitive data in
+// buckets and have eliminated other storage options, consider setting up a custom KMS key, enforcing TLS, and enabling
+// versioning for the bucket.
+const bucket = new aws.s3.BucketV2("bucket", {
     bucket: bucketName,
-    acl: "private",
 });
 
 // Create an object from the secret value